main/mkinitfs: security fix. make sure initramfs is not world writeable

ref #788
author: Natanael Copa <ncopa@alpinelinux.org> 2011-10-26 14:41:23 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2011-10-26 14:42:29 +0000
commit: 94032669d284f150939429526300518b06ced8fe (patch)
tree: 94580ff2e064061264f798d50ef4e57e35bff77e
parent: 8ded1f134b51cdc2229dff4ed5edc5aea041d834 (diff)
download: alpine_aports-94032669d284f150939429526300518b06ced8fe.tar.bz2
alpine_aports-94032669d284f150939429526300518b06ced8fe.tar.xz
alpine_aports-94032669d284f150939429526300518b06ced8fe.zip
2 files changed, 28 insertions, 1 deletions
diff --git a/main/mkinitfs/0001-mkinitfs-ensure-that-initramfs-image-is-not-world-wr.patch b/main/mkinitfs/0001-mkinitfs-ensure-that-initramfs-image-is-not-world-wr.patch
new file mode 100644
index 0000000000..81602e2a91
--- /dev/null
+++ b/main/mkinitfs/0001-mkinitfs-ensure-that-initramfs-image-is-not-world-wr.patch
@@ -0,0 +1,25 @@
+From ba9ab744c9ede5f9d70d57b1623505d47f9024e4 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Wed, 26 Oct 2011 14:10:58 +0000
+Subject: [PATCH] mkinitfs: ensure that initramfs image is not world writable
+---
+ mkinitfs.in |    2 ++
+ 1 files changed, 2 insertions(+), 0 deletions(-)
+diff --git a/mkinitfs.in b/mkinitfs.in
+index f79a204..a7dd090 100755
+--- a/mkinitfs.in
+++ b/mkinitfs.in
+@@ -143,6 +143,8 @@ initfs_apk_keys() {
+ 
+ initfs_cpio() {
+        [ -n "$list_sources" ] && return
+       rm -f $outfile
+       umask 0022
+        (cd "$tmpdir" && find . | cpio -o -H newc | gzip) > $outfile
+ }
+ 
+-- 
+1.7.7.1
diff --git a/main/mkinitfs/APKBUILD b/main/mkinitfs/APKBUILD
index 2067ae1428..31f3270697 100644
--- a/main/mkinitfs/APKBUILD
+++ b/main/mkinitfs/APKBUILD
@@ -1,12 +1,13 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=mkinitfs
 pkgver=2.4.0
-pkgrel=0
+pkgrel=1
 pkgdesc="Tool to generate initramfs images for Alpine"
 url=http://git.alpinelinux.org/cgit/mkinitfs
 depends="busybox apk-tools>=2.0"
 triggers="$pkgname.trigger=/usr/share/kernel/*"
 source="http://git.alpinelinux.org/cgit/$pkgname.git/snapshot/$pkgname-$pkgver.tar.bz2
+        0001-mkinitfs-ensure-that-initramfs-image-is-not-world-wr.patch
        eglibc.patch
        "
 arch="noarch"
@@ -43,4 +44,5 @@ package() {
        make install DESTDIR="$pkgdir" || return 1
 }
 md5sums="3b7ca4f70bdded5fca0c0c70ddac56f6  mkinitfs-2.4.0.tar.bz2
+3885d1eb3f76bc87120159f007db3cea  0001-mkinitfs-ensure-that-initramfs-image-is-not-world-wr.patch
 e59c2f7de496fe430b07e32fd812ebe0  eglibc.patch"
author	Natanael Copa <ncopa@alpinelinux.org>	2011-10-26 14:41:23 +0000
committer	Natanael Copa <ncopa@alpinelinux.org>	2011-10-26 14:42:29 +0000
commit	94032669d284f150939429526300518b06ced8fe (patch)
tree	94580ff2e064061264f798d50ef4e57e35bff77e
parent	8ded1f134b51cdc2229dff4ed5edc5aea041d834 (diff)
download	alpine_aports-94032669d284f150939429526300518b06ced8fe.tar.bz2 alpine_aports-94032669d284f150939429526300518b06ced8fe.tar.xz alpine_aports-94032669d284f150939429526300518b06ced8fe.zip

diff --git a/main/mkinitfs/0001-mkinitfs-ensure-that-initramfs-image-is-not-world-wr.patch b/main/mkinitfs/0001-mkinitfs-ensure-that-initramfs-image-is-not-world-wr.patch new file mode 100644 index 0000000000..81602e2a91 --- /dev/null +++ b/main/mkinitfs/0001-mkinitfs-ensure-that-initramfs-image-is-not-world-wr.patch
@@ -0,0 +1,25 @@
		1	From ba9ab744c9ede5f9d70d57b1623505d47f9024e4 Mon Sep 17 00:00:00 2001
		2	From: Natanael Copa <ncopa@alpinelinux.org>
		3	Date: Wed, 26 Oct 2011 14:10:58 +0000
		4	Subject: [PATCH] mkinitfs: ensure that initramfs image is not world writable
		5
		6	---
		7	mkinitfs.in \| 2 ++
		8	1 files changed, 2 insertions(+), 0 deletions(-)
		9
		10	diff --git a/mkinitfs.in b/mkinitfs.in
		11	index f79a204..a7dd090 100755
		12	--- a/mkinitfs.in
		13	+++ b/mkinitfs.in
		14	@@ -143,6 +143,8 @@ initfs_apk_keys() {
		15
		16	initfs_cpio() {
		17	[ -n "$list_sources" ] && return
		18	+ rm -f $outfile
		19	+ umask 0022
		20	(cd "$tmpdir" && find . \| cpio -o -H newc \| gzip) > $outfile
		21	}
		22
		23	--
		24	1.7.7.1
		25


diff --git a/main/mkinitfs/APKBUILD b/main/mkinitfs/APKBUILD index 2067ae1428..31f3270697 100644 --- a/main/mkinitfs/APKBUILD +++ b/main/mkinitfs/APKBUILD
@@ -1,12 +1,13 @@
1	# Maintainer: Natanael Copa <ncopa@alpinelinux.org>	1	# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
2	pkgname=mkinitfs	2	pkgname=mkinitfs
3	pkgver=2.4.0	3	pkgver=2.4.0
4	pkgrel=0	4	pkgrel=1
5	pkgdesc="Tool to generate initramfs images for Alpine"	5	pkgdesc="Tool to generate initramfs images for Alpine"
6	url=http://git.alpinelinux.org/cgit/mkinitfs	6	url=http://git.alpinelinux.org/cgit/mkinitfs
7	depends="busybox apk-tools>=2.0"	7	depends="busybox apk-tools>=2.0"
8	triggers="$pkgname.trigger=/usr/share/kernel/*"	8	triggers="$pkgname.trigger=/usr/share/kernel/*"
9	source="http://git.alpinelinux.org/cgit/$pkgname.git/snapshot/$pkgname-$pkgver.tar.bz2	9	source="http://git.alpinelinux.org/cgit/$pkgname.git/snapshot/$pkgname-$pkgver.tar.bz2
		10	0001-mkinitfs-ensure-that-initramfs-image-is-not-world-wr.patch
10	eglibc.patch	11	eglibc.patch
11	"	12	"
12	arch="noarch"	13	arch="noarch"
@@ -43,4 +44,5 @@ package() {
43	make install DESTDIR="$pkgdir" \|\| return 1	44	make install DESTDIR="$pkgdir" \|\| return 1
44	}	45	}
45	md5sums="3b7ca4f70bdded5fca0c0c70ddac56f6 mkinitfs-2.4.0.tar.bz2	46	md5sums="3b7ca4f70bdded5fca0c0c70ddac56f6 mkinitfs-2.4.0.tar.bz2
		47	3885d1eb3f76bc87120159f007db3cea 0001-mkinitfs-ensure-that-initramfs-image-is-not-world-wr.patch
46	e59c2f7de496fe430b07e32fd812ebe0 eglibc.patch"	48	e59c2f7de496fe430b07e32fd812ebe0 eglibc.patch"